Recently, personal computer (PC) and computer server use, in both the home and office environments, has become widespread. This widespread use has also led to increased concerns over data security. With the growth of the Internet, wireless communication technologies, and mobile computing, data security is becoming an ever-increasing issue. For example, many PCs often operate outside of a secure firewall environment, and may periodically communicate with a network or the Internet. During such communication, a determined hacker can attack the communication channel used by the PC or server. This poses a threat not only to sensitive data resident on the PC, but also to data resident on the network, and to data being transmitted between the PC and the network.
Various solutions have been proposed to address the problem of data theft and hacking. One proposed solution is the use of an external device called a hardware key, or “dongle.” A dongle is a device that is externally coupled to an input/output (I/O) port on a host PC. Although these devices do work satisfactorily, dongles do suffer certain drawbacks. For example, the dongle occupies an I/O port, which prevents that port from being used for a peripheral device, such as a printer, a scanner, or other I/O devices. Alternatively, if a PC or server can verify that another PC or server in a network or on the Internet is trusted to share information or data, then hacking or data theft by the other computer can also be eliminated. This is because if the other PC or server cannot be verified as trusted, then communication between the PC or server and that non-trusted PC or server is terminated.
Yet another solution has been proposed by the Trusted Computing Platform Alliance (TCPA). Specifically, the TCPA developed a security solutions specification for a trusted platform module (TPM). A TPM is a circuit included within a computing system to support trusted computing. The TPM may be implemented as a separate integrated circuit chip that is mounted on the motherboard of a PC or server, or integrated with other circuits within the computing system such as, for example, the CPU chip set or within the CPU itself. No matter its specific physical implementation, the TPM is configured to provide various security functions. For example, the TPM typically includes a public/private key pair for cryptographic operations, can generate anonymous key pairs for use by other entities, can perform encryption and decryption operations, can sign and verify data, and can establish a root of trust.
Although quite effective in implementing trusted computing, and in reducing the likelihood of theft of secure data, the present instantiation of the TPM suffers certain drawbacks. For example, not all PC motherboards are presently designed and manufactured to receive a TPM, or other type of security circuit. Thus, many PC or server motherboards need to be specially designed and manufactured to receive a TPM or circuits integrated with a TPM. This can significantly increase overall manufacturing costs, which can in turn be passed on to the consumer. Moreover, a TPM, whether implemented as a stand-alone circuit or integrated into other circuits, is typically unique to a specific chip vendor, which can significantly impact manufacturing flexibility.
Accordingly, it is desirable to provide a means of implementing a trusted computing environment that does not suffer the above-noted drawbacks, namely a means that does not rely on any type of externally connected device or devices and/or a means that does not rely on specially designed PC motherboards. The present invention addresses at least these needs.